CLAIMS 



What is claimed is: 



1 1 . A method of preventing buffer overrun security vulnerabilities comprising: 

2 executing a modified call routine for placing a random amount of empty space onto a stack; 

3 executing a called function; and 

4 executing a modified return routine for removing said random amount of empty space from 

5 the stack. 

9 2, The method of claim 1 , wherein said modified call routine comprises: 

i4 placing a return address for the called function on the stack; 

calculating a random number; 

!4 saving said random number in a secure location; 

fi placing a phiraUty of blank bytes equal to the random number onto the stack; 

3 building a stack frame by placing values from the called function onto the stack; and 

' 7 setting an end of stack pointer to an end of the stack fi*ame. 

1 3. The method of claim 2, wherein said location is a processor register that is not generally 

2 accessible. 

1 4. The method of claim 1 , wherein said modified retum routine comprises: 

2 recalling a random number saved during an execution of said modified call routine; 

3 removing a niimber of bytes equal to said random number from the stack; 

4 retrieving a retum address for the called function from the stack; and 
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5 setting an end of stack pointer to an end of a previous stack frame. 

1 5 . The method of claim 1 , wherein said modified call routine comprises: 

2 placing a retum address for the called function on the stack; 

3 calculating a hash value of stack invariants; 

4 saving said hash value in a secure location; and 

5 building a stack frame by placing values from the called function onto the stack. 

1 6. The method of claim 5, wherein said secure location is a processor register that is not 

3 generally accessible. 

ij 7. The method of claim 1, wherein said modified retum roxxtine comprises: 

-.3 calculating a second hash value of stack invariants; 

^^3 determining whether said second hash value matches a first hash value calculated during an 

^ execution of said modified call routine; 

3 executing a stack corruption exception if said second hash value does not match said first 

% hash value; and 

7 setting an end of stack pointer to an end of a previous stack frame if said second hash value 

8 matches said first hash value. 

1 8. A method of preventing buffer overrun security vulnerabilities comprising: 

2 searching an executable program for all function calls at the time the executable is installed; 

3 adding a random amount of blank space to all stacks generated by said function calls; 

4 adjusting all references to said stacks to compensate for said blank space. 
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1 9. The method of claim 8, wherein said method is performed when said executable is installed. 

1 1 0. The method of claim 9, further comprising saving said executable. 

1 1 L The method of claim 8, wherein said method is performed when said executable is loaded. 

1 12. An apparatus comprising: 

2 a storage device having stored therein one or more routines for preventing buffer overrun 

security vulnerabilities; and 

^ a processor coupled to the storage device for executing the one or more routines that, when 

y5 executing the routines, prevents buffer overrun errors by: 

# executing a modified call routine for placing a random amount of empty space onto a 

-7 stack; 

^ executing a called function; and 

^ executing a modified return routine for removing said random amount of empty space 

It from the stack. 

1 13. The apparatus of claim 12, wherein said modified call routine comprises: 

2 placing a retum address for the called function on the stack; 

3 calculating a random number; 

4 saving said random number in a secure location; 

5 placing a plurahty of blank bytes equal to the random number onto the stack; 

6 building a stack frame by placing values from the called function onto the stack; and 

7 setting an end of stack pointer to an end of the stack frame. 
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1 14. The apparatus of claim 13, wherein said location is a processor register that is not generally 

2 accessible. 

1 15. The apparatus of claim 1 2, wherein said modified return routine comprises: 

2 recalHng a random number saved during an execution of said modified call routine; 

3 removing a number of bytes equal to said random number from the stack; 

4 retrieving a return address for the called function fi-om the stack; and 

5 setting an end of stack pointer to an end of a previous stack frame. 



The apparatus of claim 12, wherein said modified call routine comprises: 
placing a return address for the called function on the stack; 
calculating a hash value of stack invariants; 
saving said hash value in a secure location; and 

building a stack frame by placing values from the called function onto the stack. 



H 17. The apparatus of claim 16, wherein said secure location is a processor register that is not 

2 generally accessible. 

1 18. The apparatus of claim 12, wherein said modified return routine comprises: 

2 calculating a second hash value of stack invariants; 

3 determining whether said second hash value matches a first hash value calculated during an 

4 execution of said modified call routine; 

5 executing a stack corruption exception if said second hash value does not match said first 

6 hash value; and 
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setting an end of stack pointer to an end of a previous stack frame if said second hash value 
matches said first hash value. 



1 19. An apparatus comprising: 

2 a storage device having stored therein one or more routines for preventing buffer overrun 

3 security vulnerabilities; and 

4 a processor coupled to the storage device for executing the one or more routines that, when 

5 executing the routines, prevents buffer overrun errors by: 

6 searching an executable program for all function calls at the time the executable is 
^ installed; 

3 adding a random amount of blank space to all stacks generated by said function calls; 

^ adjusting all references to said stacks to compensate for said blank space. 

ll 20. The apparatus of claim 19, wherein said method is performed when said executable is 
t'i installed. 

^""i 21 . The apparatus of claim 20, further comprising saving said executable. 

1 22. The apparatus of claim 19, wherein said method is performed when said executable is loaded. 

1 23. A machine-readable medium having stored thereon data representing sequences of 

2 instructions, said sequences of instructions which, when executed by a processor, cause said 

3 processor to prevents buffer overrun errors by: 

4 executing a modified call routine for placing a random amount of empty space onto a stack; 

5 executing a called function; and 
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executing a modified return routine for removing said random amount of empty space from 
the stack. 



1 24. The machine-readable medium of claim 23, wherein said modified call routine comprises: 

2 placing a return address for the called function on the stack; 

3 calculating a random number; 

4 saving said random number in a secure location; 

5 placing a plurality of blank bytes equal to the random number onto the stack; 

6 building a stack frame by placing values from the called ftinction onto the stack; and 
O setting an end of stack pointer to an end of the stack frame. 

y 25 . The machine-readable medixmi of claim 24, wherein said location is a processor register that 

;3 is not generally accessible. 

W 26. The machine-readable medium of claim 23, wherein said modified return routine comprises: 

recalling a random number saved during an execution of said modified call routine; 

^ removing a number of bytes equal to said random number from the stack; 

4 retrieving a return address for the called fimction from the stack; and 

5 setting an end of stack pointer to an end of a previous stack frame. 

1 27. The machine-readable medium of claim 23, wherein said modified call routine comprises: 

2 placing a return address for the called ftinction on the stack; 

3 calculating a hash value of stack invariants; 

4 saving said hash value in a secure location; and 

5 building a stack frame by placing values from the called ftinction onto the stack. 
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1 28. The machine-readable medium of claim 27, wherein said secure location is a processor 

2 register that is not generally accessible. 

1 29. The machine-readable medium of claim 23, wherein said modified return routine comprises: 

2 calculating a second hash value of stack invariants; 

3 determining whether said second hash value matches a first hash value calculated during an 

4 execution of said modified call routine; 

5 executing a stack corruption exception if said second hash value does not match said first 
3 hash value; and 

a setting an end of stack pointer to an end of a previous stack frame if said second hash value 

IM matches said first hash value. 

30. A machine-readable medium having stored thereon data representing sequences of 

Id instructions, said sequences of instructions which, when executed by a processor, cause said 

3 processor to prevents buffer overrun errors by: 

4- searching an executable program for all function calls at the time the executable is installed; 

5 adding a random amount of blank space to all stacks generated by said function calls; 

6 adjusting all references to said stacks to compensate for said blank space. 

1 31. The machine-readable medium of claim 30, wherein said method is performed when said 

2 executable is installed. 

1 32. The machine-readable medium of claim 31, further comprising saving said executable. 
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1 33. 
2 



The machine-readable medium of claim 30, wherein said method is performed when said 
executable is loaded. 
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